ffmpeg | branch: master | Michael Niedermayer <mich...@niedermayer.cc> | Thu Sep 8 19:48:06 2016 +0200| [c0fc83ed41edec476c1b9601e1bc0177967ce206] | committer: Michael Niedermayer
avcodec/mlz: Check offset before writing Fixes: 0cee183a09bff5aa5108429717c35a4d/asan_heap-oob_1d99eca_3702_9ef60e80de79082a778d3d9ce8ef3b64.mp4 Affects no release Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c0fc83ed41edec476c1b9601e1bc0177967ce206 --- libavcodec/mlz.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/mlz.c b/libavcodec/mlz.c index acb0908..039635d 100644 --- a/libavcodec/mlz.c +++ b/libavcodec/mlz.c @@ -81,6 +81,10 @@ static int decode_string(MLZ* mlz, unsigned char *buff, int string_code, int *fi } else { offset = dict[current_code].match_len - 1; tmp_code = dict[current_code].char_code; + if (offset >= bufsize) { + av_log(mlz->context, AV_LOG_ERROR, "MLZ offset error.\n"); + return count; + } buff[offset] = tmp_code; count++; } _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
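Review bot: the new check in decode_string() bounds offset only from above. offset is computed as dict[current_code].match_len - 1, so a match_len of 0 yields -1, and if offset is a signed type that value passes `offset >= bufsize` and still reaches `buff[offset] = tmp_code`. Unless match_len is guaranteed to be at least 1 elsewhere, test the lower bound as well, for example `if (offset < 0 || offset >= bufsize)`, or do the comparison in unsigned. Two smaller points on the same lines: the error path returns count rather than an error code, so from these lines a caller has no way to tell a rejected offset from a normally decoded string and would have to rely on the log line alone; and "MLZ offset error." would be more useful for triage if it printed offset and bufsize.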